vulhub
awesome-appsec
| vulhub | awesome-appsec | |
|---|---|---|
| 17 | 6 | |
| 16,220 | 6,098 | |
| 1.3% | 0.6% | |
| 8.9 | 0.0 | |
| 17 days ago | 8 months ago | |
| Dockerfile | PHP | |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vulhub
- HackTheBox - Writeup Builder [Retired]
-
Valkey Is Rapidly Overtaking Redis
This is pretty materially not fine:
https://github.com/vulhub/vulhub/tree/master/redis/CVE-2022-...
- 2 physical computers 1 vm
-
Making sense of Apache httpd's CVE-2023-25690
I just found this commit (https://github.com/vulhub/vulhub/pull/413/files) for vulnhub containing a POC. I still don't understand exactly how they get to secret.txt in their example but it's a huge step forward. Plenty of mistakes in the Changelog.
- I am setting up a pen testing lab , I want to generate some vulnerabilities on a windows server 2019 (VM)
-
How to create vulnerable machines
A GitHub repo called vulnhub contains numerous Dockerfiles to build vulnerable containers of various popular software. If you’re just getting started this is a good way to have one machine where you deploy vulnerable docker containers to poke at.
- Vulhub: Pre-Built Vulnerable Environments Based on Docker-Compose
- How can I make a ‘bad image’ that will generate ECR scan vulnerabilities?
- Pre-Built Vulnerable Environments Based on Docker-Compose
awesome-appsec
-
Aside from OWASP, are there other relevant certs to get for App Sec?
For resources : https://github.com/paragonie/awesome-appsec
-
Cybersecurity Repositories
AppSec
-
Resources to learn secure coding? App Sec and Web Sec?
Here is a repo of some resources. You are going to need to learn to walk before you run so that at a concrete level you can articulate what secure vs insecure code is and why it matters, then dive into appsec. No disrespect intended but from the way this is written my suggestion would be to focus on computer science foundational concepts as well as spending significant time writing and reading code. This will likely be a several year journey if you are a total beginner but the best time to start is now :)
- Information and learning resources for cryptography newcomers
-
Anyone in AppSec (Application Security)?
Come over to /r/devsecops to get more information about the field. Also, there are lots of good sources, you can get some from my blog, or Awesome AppSec, or Security Prince and other places.
- I'm preparing for the interview and I've curated a list of resources that might be helpful for you also.
What are some alternatives?
docker-openvpn-client-socks - Expose an OpenVPN tunnel as a SOCKS proxy
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
docker-bloodhound - BloodHound Docker Ready to Use
UnSAFE_Bank - Vulnerable Banking Suite
SniDust - SmartDNS Proxy to hide your GeoLocation. Based on DnsDist and nginx
see awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
docker-dev-ssl-proxy - A simple nginx proxy behind a self-generated & self-signed SSL certificate (local HTTPS). Also utilized in development of https://speaker.app / https://github.com/zenOSmosis/speaker.app.
labs - This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
frigate-synology-dsm7 - Dockerfile and docker-compose file to enable google coral USB accelerators in containers on Synology DSM 7
SecureCodingDojo - The Secure Coding Dojo is a platform for delivering secure coding knowledge.
asterisk-docker - Asterisk + chan_dongle in docker.
Security_Engineer_Interview_Questions - Every Security Engineer Interview Question From Glassdoor.com